author | Darren Tucker <dtucker@zip.com.au> | 2005-07-07 11:50:20 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-07-07 11:50:20 +1000 |
commit | a916d143a16c59a6bc82df5e1d6b046e17d31848 (patch) | |
tree | e1d10bb44cf7af70845fbb927f2b8ed92e4f1468 | |
parent | f92c0794ec9162f4e0d5291fe58e4fcb5a00f6d3 (diff) |
- [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
Kerberos code path into a common function and expand mkstemp template to be
consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth-krb5.c | 54 | ||||
-rw-r--r-- | auth.h | 5 | ||||
-rw-r--r-- | gss-serv-krb5.c | 32 |
4 files changed, 46 insertions, 52 deletions
@@ -1,3 +1,8 @@ | |||
1 | 20050707 | ||
2 | - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT | ||
3 | Kerberos code path into a common function and expand mkstemp template to be | ||
4 | consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@ | ||
5 | |||
1 | 20050706 | 6 | 20050706 |
2 | - (djm) OpenBSD CVS Sync | 7 | - (djm) OpenBSD CVS Sync |
3 | - markus@cvs.openbsd.org 2005/07/01 13:19:47 | 8 | - markus@cvs.openbsd.org 2005/07/01 13:19:47 |
@@ -2782,4 +2787,4 @@ | |||
2782 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2787 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2783 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2788 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2784 | 2789 | ||
2785 | $Id: ChangeLog,v 1.3835 2005/07/05 23:45:26 djm Exp $ | 2790 | $Id: ChangeLog,v 1.3836 2005/07/07 01:50:20 dtucker Exp $ |
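--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -67,9 +67,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 #ifndef HEIMDAL
 krb5_creds creds;
 krb5_principal server;
-char ccname[40];
-int tmpfd;
-mode_t old_umask;
 #endif
 krb5_error_code problem;
 krb5_ccache ccache = NULL;
@@ -146,26 +143,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 goto out;
 }
 
-snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-
-old_umask = umask(0177);
-tmpfd = mkstemp(ccname + strlen("FILE:"));
-umask(old_umask);
-if (tmpfd == -1) {
-logit("mkstemp(): %.100s", strerror(errno));
-problem = errno;
-goto out;
-}
-
-if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
-logit("fchmod(): %.100s", strerror(errno));
-close(tmpfd);
-problem = errno;
-goto out;
-}
-close(tmpfd);
-
-problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
+problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
 if (problem)
 goto out;
 
@@ -234,4 +212,34 @@ krb5_cleanup_proc(Authctxt *authctxt)
 }
 }
 
+#ifndef HEIMDAL
+krb5_error_code
+ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+int tmpfd, ret;
+char ccname[40];
+mode_t old_umask;
+
+ret = snprintf(ccname, sizeof(ccname),
+"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+if (ret == -1 || ret >= sizeof(ccname))
+return errno;
+
+old_umask = umask(0177);
+tmpfd = mkstemp(ccname + strlen("FILE:"));
+umask(old_umask);
+if (tmpfd == -1) {
+logit("mkstemp(): %.100s", strerror(errno));
+return errno;
+}
+
+if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+logit("fchmod(): %.100s", strerror(errno));
+close(tmpfd);
+return errno;
+}
+close(tmpfd);
+
+return (krb5_cc_resolve(ctx, ccname, ccache));
+}
+#endif /* !HEIMDAL */
 #endif /* KRB5 */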
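Review bot: ssh_krb5_cc_gen() returns `errno` on paths where it may no longer hold the failure code: a truncated snprintf() does not set errno at all, and in the mkstemp() and fchmod() branches `logit()` (and `close()`) run before `return errno`. If the value read back is 0, the `if (problem)` check in auth_krb5_password() and the new call site in gss-serv-krb5.c would treat the failure as success and carry on with a credential cache handle that was never resolved. Capture the code before anything else runs, e.g. `oerrno = errno;` ahead of each `logit()` followed by `return oerrno;`, and return a fixed code such as `return ENOMEM;` on the truncation branch. The test `ret >= sizeof(ccname)` also compares an int with a size_t; checking `ret < 0` first and then casting with `(size_t)ret` makes the intent explicit.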
@@ -191,4 +191,9 @@ int sys_auth_passwd(Authctxt *, const char *); | |||
191 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" | 191 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" |
192 | 192 | ||
193 | #define SKEY_PROMPT "\nS/Key Password: " | 193 | #define SKEY_PROMPT "\nS/Key Password: " |
194 | |||
195 | #if defined(KRB5) && !defined(HEIMDAL) | ||
196 | #include <krb5.h> | ||
197 | krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *); | ||
198 | #endif | ||
194 | #endif | 199 | #endif |
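--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -131,34 +131,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 return;
 }
 #else
-{
-int tmpfd;
-char ccname[40];
-mode_t old_umask;
-
-snprintf(ccname, sizeof(ccname),
-"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
-
-old_umask = umask(0177);
-tmpfd = mkstemp(ccname + strlen("FILE:"));
-umask(old_umask);
-if (tmpfd == -1) {
-logit("mkstemp(): %.100s", strerror(errno));
-problem = errno;
-return;
-}
-if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
-logit("fchmod(): %.100s", strerror(errno));
-close(tmpfd);
-problem = errno;
-return;
-}
-close(tmpfd);
-if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
-logit("krb5_cc_resolve(): %.100s",
-krb5_get_err_text(krb_context, problem));
-return;
-}
+if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
+logit("ssh_krb5_cc_gen(): %.100s",
+krb5_get_err_text(krb_context, problem));
+return;
 }
 #endif /* #ifdef HEIMDAL */
 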